From 3bc97dfac77d9f5374ebeedba744e4504bd6d1a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?=
 <davidcorreafjb2001@gmail.com>
Date: Tue, 29 Aug 2023 11:19:22 +0200
Subject: [PATCH 1/6] Bumo to 4.5.3

---
 CHANGELOG.md                                        | 6 ++++++
 README.md                                           | 1 +
 VERSION                                             | 4 ++--
 roles/wazuh/ansible-wazuh-agent/defaults/main.yml   | 4 ++--
 roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++--
 roles/wazuh/check-packages/defaults/main.yml        | 2 +-
 roles/wazuh/wazuh-dashboard/defaults/main.yml       | 4 ++--
 roles/wazuh/wazuh-dashboard/vars/debian.yml         | 2 +-
 roles/wazuh/wazuh-indexer/defaults/main.yml         | 2 +-
 9 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6b9e37ad..92cee4ab 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,12 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## [v4.5.3]
+
+### Added
+
+- Update to [Wazuh v4.5.3](https://github.com/wazuh/wazuh/blob/v4.5.3/CHANGELOG.md#v453)
+
 ## [v4.5.2]
 
 ### Added
diff --git a/README.md b/README.md
index 34f1502a..3c83481b 100644
--- a/README.md
+++ b/README.md
@@ -16,6 +16,7 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb
 
 | Wazuh version | Elastic | ODFE   |
 |---------------|---------|--------|
+| v4.5.3        |         |        |
 | v4.5.2        |         |        |
 | v4.5.1        |         |        |
 | v4.5.0        |         |        |
diff --git a/VERSION b/VERSION
index 0732822e..dd7178a6 100644
--- a/VERSION
+++ b/VERSION
@@ -1,2 +1,2 @@
-WAZUH-ANSIBLE_VERSION="v4.5.2"
-REVISION="40504"
+WAZUH-ANSIBLE_VERSION="v4.5.3"
+REVISION="40505"
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index 38db0348..70e258f0 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -1,6 +1,6 @@
 ---
 
-wazuh_agent_version: 4.5.2
+wazuh_agent_version: 4.5.3
 
 # Custom packages installation
 
@@ -12,7 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: ""
 
 wazuh_agent_sources_installation:
   enabled: false
-  branch: "v4.5.2"
+  branch: "v4.5.3"
   user_language: "y"
   user_no_stop: "y"
   user_install_type: "agent"
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index cd6e3bce..21913bb0 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -1,6 +1,6 @@
 ---
 
-wazuh_manager_version: 4.5.2
+wazuh_manager_version: 4.5.3
 
 wazuh_manager_fqdn: "wazuh-server"
 wazuh_manager_package_state: present
@@ -13,7 +13,7 @@ wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazon
 # Sources installation
 wazuh_manager_sources_installation:
   enabled: false
-  branch: "v4.5.2"
+  branch: "v4.5.3"
   user_language: "en"
   user_no_stop: "y"
   user_install_type: "server"
diff --git a/roles/wazuh/check-packages/defaults/main.yml b/roles/wazuh/check-packages/defaults/main.yml
index 28f82584..d8cf1dba 100644
--- a/roles/wazuh/check-packages/defaults/main.yml
+++ b/roles/wazuh/check-packages/defaults/main.yml
@@ -1,2 +1,2 @@
 ---
-wazuh_version: 4.5.2
+wazuh_version: 4.5.3
diff --git a/roles/wazuh/wazuh-dashboard/defaults/main.yml b/roles/wazuh/wazuh-dashboard/defaults/main.yml
index df82bcc6..6e2b925c 100644
--- a/roles/wazuh/wazuh-dashboard/defaults/main.yml
+++ b/roles/wazuh/wazuh-dashboard/defaults/main.yml
@@ -8,12 +8,12 @@ dashboard_node_name: node-1
 dashboard_server_host: "0.0.0.0"
 dashboard_server_port: "443"
 dashboard_server_name: "dashboard"
-wazuh_version: 4.5.2
+wazuh_version: 4.5.3
 indexer_cluster_nodes:
   - 127.0.0.1
 
 # The Wazuh dashboard package repository
-dashboard_version: "4.5.2"
+dashboard_version: "4.5.3"
 
 # API credentials
 wazuh_api_credentials:
diff --git a/roles/wazuh/wazuh-dashboard/vars/debian.yml b/roles/wazuh/wazuh-dashboard/vars/debian.yml
index c4e7fd12..c9a3f56d 100644
--- a/roles/wazuh/wazuh-dashboard/vars/debian.yml
+++ b/roles/wazuh/wazuh-dashboard/vars/debian.yml
@@ -1,2 +1,2 @@
 ---
-dashboard_version: 4.5.2
+dashboard_version: 4.5.3
diff --git a/roles/wazuh/wazuh-indexer/defaults/main.yml b/roles/wazuh/wazuh-indexer/defaults/main.yml
index 2a82d055..61970cb7 100644
--- a/roles/wazuh/wazuh-indexer/defaults/main.yml
+++ b/roles/wazuh/wazuh-indexer/defaults/main.yml
@@ -1,6 +1,6 @@
 ---
 # Cluster Settings
-indexer_version: 4.5.2
+indexer_version: 4.5.3
 
 single_node: false
 indexer_node_name: node-1

From 86fb18a0c5d1da556245a47890d0df2b7490823b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?=
 <davidcorreafjb2001@gmail.com>
Date: Thu, 31 Aug 2023 11:27:19 +0200
Subject: [PATCH 2/6] Added SHA512 URL variables

---
 roles/wazuh/vars/repo.yml             | 2 +-
 roles/wazuh/vars/repo_pre-release.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/wazuh/vars/repo.yml b/roles/wazuh/vars/repo.yml
index 2dd92669..03640081 100644
--- a/roles/wazuh/vars/repo.yml
+++ b/roles/wazuh/vars/repo.yml
@@ -5,7 +5,7 @@ wazuh_repo:
   key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
 wazuh_winagent_config_url: "https://packages.wazuh.com/4.x/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
 wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
-
+wazuh_winagent_sha512_url: "https://packages.wazuh.com/4.x/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"
 certs_gen_tool_version: 4.5
 
 # Url of certificates generator tool
diff --git a/roles/wazuh/vars/repo_pre-release.yml b/roles/wazuh/vars/repo_pre-release.yml
index 3eaf6ca1..b7ae548a 100644
--- a/roles/wazuh/vars/repo_pre-release.yml
+++ b/roles/wazuh/vars/repo_pre-release.yml
@@ -5,7 +5,7 @@ wazuh_repo:
   key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
 wazuh_winagent_config_url: "https://packages-dev.wazuh.com/pre-release/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
 wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
-
+wazuh_winagent_sha512_url: "https://packages-dev.wazuh.com/pre-release/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"
 certs_gen_tool_version: 4.5
 
 # Url of certificates generator tool

From 06314eb8f92f104b293093581b1b516b163b58e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?=
 <davidcorreafjb2001@gmail.com>
Date: Thu, 31 Aug 2023 12:18:16 +0200
Subject: [PATCH 3/6] Added tasks to verify SHA512 checksum

---
 .../ansible-wazuh-agent/tasks/Windows.yml     | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
index bcf6e1f0..15b27f72 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
@@ -30,16 +30,29 @@
   when:
     - not wazuh_package_downloaded.stat.exists
 
+- name: Windows | Download SHA512 checksum file
+  win_get_url:
+    url: "{{ wazuh_winagent_sha512_url }}"
+    dest: "{{ wazuh_winagent_config.download_dir }}"
+  when:
+    - not wazuh_package_downloaded.stat.exists
+  
+- name: Extract checksum from SHA512 file
+  win_shell: Get-Content "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}.sha512" | ForEach-Object { $_.Split(' ')[0] }
+  register: extracted_checksum
+  when:
+    - not wazuh_package_downloaded.stat.exists
+
 - name: Windows | Verify the Wazuh Agent installer
   win_stat:
     path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}"
     get_checksum: true
-    checksum_algorithm: md5
+    checksum_algorithm: sha512
   register: wazuh_agent_status
   failed_when:
-    - wazuh_agent_status.stat.checksum != wazuh_winagent_config.md5
+    - wazuh_agent_status.stat.checksum != extracted_checksum.stdout
   when:
-    - wazuh_winagent_config.check_md5
+    - wazuh_winagent_config.check_sha512
 
 
 - name: Windows | Install Agent if not already installed

From 4c62f30d9d16942e0080efa09617b16db5c328cd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?=
 <davidcorreafjb2001@gmail.com>
Date: Thu, 31 Aug 2023 13:18:22 +0200
Subject: [PATCH 4/6] Fixed checksum condition

---
 roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
index 15b27f72..e70243f1 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
@@ -35,13 +35,13 @@
     url: "{{ wazuh_winagent_sha512_url }}"
     dest: "{{ wazuh_winagent_config.download_dir }}"
   when:
-    - not wazuh_package_downloaded.stat.exists
+    - wazuh_winagent_config.check_sha512
   
 - name: Extract checksum from SHA512 file
   win_shell: Get-Content "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}.sha512" | ForEach-Object { $_.Split(' ')[0] }
   register: extracted_checksum
   when:
-    - not wazuh_package_downloaded.stat.exists
+    - wazuh_winagent_config.check_sha512
 
 - name: Windows | Verify the Wazuh Agent installer
   win_stat:
@@ -50,11 +50,10 @@
     checksum_algorithm: sha512
   register: wazuh_agent_status
   failed_when:
-    - wazuh_agent_status.stat.checksum != extracted_checksum.stdout
+    - wazuh_agent_status.stat.checksum != extracted_checksum.stdout_lines[0]
   when:
     - wazuh_winagent_config.check_sha512
 
-
 - name: Windows | Install Agent if not already installed
   win_package:
     path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}"

From b8e2fb676b44ff4997d50932f133d440b3ef2ffd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?=
 <davidcorreafjb2001@gmail.com>
Date: Thu, 31 Aug 2023 14:29:15 +0200
Subject: [PATCH 5/6] Changed md5 by sha512 variable

---
 roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index 70e258f0..5b4582be 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -53,8 +53,7 @@ wazuh_winagent_config:
   auth_path: C:\Program Files\ossec-agent\agent-auth.exe
   # Adding quotes to auth_path_x86 since win_shell outputs error otherwise
   auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
-  check_md5: True
-  md5: 3823a34bb108b9ad4e9fb43cb8f0b4e3
+  check_sha512: True
 
 wazuh_dir: "/var/ossec"
 

From f2ec14038ffdb76a19c8e793cc656096bebd3adb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?=
 <davidcorreafjb2001@gmail.com>
Date: Thu, 31 Aug 2023 14:40:21 +0200
Subject: [PATCH 6/6] Added task to delete checksum file

---
 roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
index e70243f1..f312253d 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
@@ -107,3 +107,8 @@
   win_file:
     path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}"
     state: absent
+
+- name: Windows | Delete downloaded checksum file
+  win_file:
+    path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}.sha512"
+    state: absent